Description

Docmost is open-source collaborative wiki and documentation software. An authorization bypass vulnerability in versions 0.70.0 through 0.70.2 exposes restricted child page titles and text snippets through the public search endpoint (`POST /api/search/share-search`) for publicly shared content. This flaw allows unauthenticated users to enumerate and retrieve content that should remain hidden from public share viewers, leading to a confidentiality breach. Version 0.70.3 contains a patch.

INFO

Published Date :

2026-04-14T21:36:53.562Z

Last Modified :

2026-04-15T14:28:08.044Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-33146 vulnerability.

Vendors Products
Docmost
  • Docmost
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-33146.

URL Resource
https://github.com/docmost/docmost/security/advisories/GHSA-qq4c-8rjr-w42c cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact